Slashdot Mirror
BusinessWeek on Hacker Hunters
prostoalex writes "You keep hearing about FBI, Secret Service or other law enforcement authorities involved in pursuing international cybercrime gangs, but who are those people and how does the cyberlaw enforcement work? Business Week talks about hacker hunters and people they're after. A large portion of the article is dedicated to describing the global scope of such activities with Russia, Eastern Europe and China leading the ranks for criminal hideouts."
Could we please try to restore the word "hacker" a more positive meaning on mainstream media?
http://www.dieblinkenlights.com
Looks like the Ruskis have this available as a course (if you want to go to Siberia) Hacker Hunter U,
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
The alleged ringleaders went quietly, but one suspect jumped out a second-story window. Agents nabbed him on the ground.
Actually, I know the guy, and it wasn't the bust that did it.. he wasn't even aware of the encroaching officers.. he just failed AGAIN at getting a first post on slashy.
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
As someone who works in the security field and comes across hacked systems all the time, I'll believe they give a damn when they start returning my calls. Sounds like PR to get someone more funding. Trying to get someone at the FBI to care when you come across bot networks at an ISP, bank, or even a power company is next to impossible.
McBride however is remembered as calling the resulting DOS attacks "the darker side of the Linux community we've been fighting."
And as one of the "Hacker Hunters" (pffft), I can tell you that it's not the FBI (or any other LE agents) that don't care.
There's *no* point in an agent taking a case or even wasting his/her time returning your call (one of many every day) when he/she already knows that an Assistant United States Attorney (AUSA) won't take the case for prosecution. The threshold set by AUSAs can amazingly high for damages in most cases. Where I work, it is around $50,000 before they'll even talk to you. There's just too much already out there.
Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.
Unprosecutable because:
1) damages don't meet the threshold.
2) the system was unpatched and "invited" the hacker in - I hate this the most.
3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experience shows that the effort put forth to go after these idiots is not worth the 30 days probation a juvenile gets in MOST cases - damage dependant.
Experience will tell you what kind of effort your phone call is worth to an investigator. After he delete's your message, there are probably 3 or 4 more waiting to make their own report.
The agency I work for forwards intrusion reports to us via e-mail. I ignore 90% of them. If I responded to them all (or even half), I'd NEVER have the time to go after the important ones. That's life.
Well, why not whine about that gay now mean homosexual and not jolly or that spam should only used to descripe some kind of food.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
So what's the point of shooting a deer with a BFG9000? Bring it down and cook it all at once, I guess?
Paleotechnologist and connoisseur of pretty shiny things.
Yes. Chosing SCO as a target seemed to me to have the following motivations for the crackers:
1: Advertising. They had a bot net that they wanted to demonstrate the power of. "Behold the might of our bots! It takes down SCO and Microsoft! Now pay protection money or your online casino is out of business."
2: Social engineering against administrators. Linux-users are more likely to be administrators and have other network-related jobs. The crackers might think that attacking SCO and Microsoft would gain them symphaty from some of the administrators.
3: The crackers don't like Microsoft. The security updates are a hindrance to them.
4: The crackers don't like Linux/BSD. Microsoft's saving graces, in the cracker's eyes, is that they at least used to make insecure software, and they made a monoculture fertile to malware. By casting the blame on "linux fans", they might hurt the image of the FOSS community.
Irene KHAAAAAAN!
I missed your point, on purpose. Can you see how the issue might seem to someone who does not have your unique vantage point? There's too much work, so you choose the high-profile cases. There's too much work, so you let the small fry continue to break the law. There's too much work, so you need more funding... All of this is more than likely true, however: My point is, to the eye of an average tax-paying citizen, me, it seems very much as if, because the average tax-paying citizen doesn't have large enough businesses or large enough losses, we don't rate any protection at all, and only those who pay larger amounts in taxes or sustain larger losses (regardless of relative ability to *bear* such losses) get their issues even heard, much less addressed. Beyond a massive education initiative so that the people affected are better-prepared to protect themselves (hence reducing the amount of work your beleaguered department has), how would you recommend solving this dilemma? And, really, do we want citizens knowing that we must protect ourselves because the people in the agencies we pay to protect us are so overworked? Methinks that way may lie vigilantism, which seems to get prosecuted much more vigorously for some reason.... Maybe we average folks don't get to see nearly enough of what's going on - maybe some network exec could follow a day/week/month in the life of a law enforcement official in yet another reality show, bring it home that it's not all doughnuts and jaywalkers, but meantime, there's still that pesky problem of appearances. I'm just letting you know how it looks from out here...
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
That's just it... The thresholds are high - not because those are the glamerous cases (the vast majority are sensitive enough NOT to make it to the press), but because they have the greatest impact on our society, and hence, the taxpayers. For example:
a) A Government contractor housing sensitive information is compromised. The cost to the taxpayer is not obvious, but it *is* there. And it's a greater cost than you might imagine. Compromised technology and data exfiltration -- funded by taxpayers like you.
b) your company's website is brutalized, and perhaps the customer database is somehow compromized. The cost in rebuiding the servers is (if it's really big) around $10,000 in man hours. Explain to me how a price will be put on the customer database. This will have to be done by the already overworked prosecuter in court (assuming it ever gets there). Prosecution and sentencing are based on damage to society, in most cases.
Which one do you think the FBI is most interested in (for the sake of the taxpayer)? In the case of the first, *all* taxpayers bear a burden. In the case of the second... not so much.
Understand this. Cybercrime investigators are overworked well beyond what you can imagine. A threshold *has* to be established. If you fall below that threshold, I'm sorry. Secure your systems.
The days of sending out the fire department to get little kitty out of the tree are over. This has nothing to do with "ignoring the little guy". It's economy of resources.